Year: 2008

GMail Vulnerability? Watch Your Back.

I’ve been following the story about the domain name hijacking of MakeUseOf.com the last few weeks with interest. All signs are pointing to the domain thief having cracked the MakeUseOf.com Gmail account in order to retrieve their GoDaddy.com password and transfer the ownership of the domain.

This is not good for any GMail user, let alone domain name owners who have registered their domains through GMail.

Apparently, this one hacker has stolen over 850 domains this way, and holds them for ransom at $2000 apiece.

The latest part of the saga details how the MakeUseOf.com folks think this happened, right down to the hacking of the GMail account. If there is indeed a security flaw in GMail, which there appears to be, MakeUseOf.com offers prudent steps to take in order to secure yourself (emphasis added by me):

(1) Well, my very first advice would be to check your email settings and make sure your email is not compromised. Check forwarding options and filters. Also make sure to disable IMAP if you don’t use it. This also applies to Google Apps accounts.

(2) Change contact email in your sensitive web accounts (paypal, domain registrar etc.) from your primary Gmail account to something else. If you own the website then change the contact email for your host and registrar accounts to some other email. Preferably to something that you aren’t logged in to when browsing web.

(3) Make sure to upgrade your domain to private registration so that your contact details don’t show up on WhoIS searches. If you’re on GoDaddy I’d recommend going with Protected Registration.

(4) Don’t open links in your email if you don’t know the person they are coming from. And if you decide to open the link make sure to log out first.

I would add to that list:

(5) Always use secure, encrypted GMail.  There is an option at the bottom of the main Settings page in GMail for “Always use https” under the “Browser Connection” heading.  Select this and leave it selected!  Otherwise, anything you do in GMail is sent unencrypted over the Internet.  Not good!

Keep in mind that this security flaw not only matters to domain name owners, but to anyone who has any sensitive email in their GMail account, whether it be online banking info, love letters, or whatever.

This will be interesting to watch, and I hope Google takes notice of this.

UPDATE:  This fellow here has posted a proof-of-concept on creating malicious filters in someone’s GMail account.
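
To make the "check forwarding options and filters" advice concrete, here is an added example (not from MakeUseOf or the original post) that audits a Gmail filter export for rules that forward mail out of the account. It assumes the filters were exported from Gmail's filter settings as a `mailFilters.xml` Atom file; the sample export, addresses and the `audit_filters` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample shaped like a Gmail filter export (mailFilters.xml).
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='News'/>
  </entry>
  <entry>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='password OR registrar'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>"""

CRITERIA = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord")

def audit_filters(xml_text, trusted_domains=()):
    """Return one finding per filter that forwards mail outside trusted_domains."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for index, entry in enumerate(ET.fromstring(xml_text).iter(ATOM + "entry"), 1):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.iter(APPS + "property")}
        target = props.get("forwardTo", "")
        if not target or target.rsplit("@", 1)[-1].lower() in trusted:
            continue
        findings.append({
            "filter": index,
            "forward_to": target,
            "criteria": {k: props[k] for k in CRITERIA if k in props},
            # Trash/archive after forwarding keeps the mail out of the inbox,
            # so the account owner never sees what was copied out.
            "hidden": "true" in (props.get("shouldTrash"), props.get("shouldArchive")),
        })
    return findings

if __name__ == "__main__":
    for f in audit_filters(SAMPLE_EXPORT, trusted_domains=["example.org"]):
        print(f)
```

The export only covers filters; the account-level forwarding address and the IMAP setting still have to be checked on the Settings page.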

Who’s hogging the pipe?

If you’ve found yourself in a Network/System Admin position without the proper tools, and can’t seem to get them, there’s usually a way to do things for free with Linux or at least using the repos provided under an enterprise support package such as RHEL. 🙂 This is for monitoring who’s chewing up the pipe by IP address.

* Obviously there’s 100 ways to skin a cat in Open Source, but this is one way that can take you from “Who’s hogging the pipe” to “HEY! Stop doing that” in 15 minutes. Granted this isn’t meant for controlling the traffic, that’s another story. *

How To: ( Warning! – You may need to verify this action with your IT Dept – Warning!)

1. On the Core switch just before the “Gateway” hop takes place, and Pre-NAT rules, you’ll need to enable a port for monitoring the traffic (both TX and RX) to and from the “Gateway”. This box could also be used as a SNORT box. (once again another story)

2. You’ll need a Linux box with dual NICs (for remote usage) or a single NIC with physical terminal access for direct access only.

3. Install and run/configure “iptraf” (using sudo or root access):

   sudo yum install -y iptraf
   sudo iptraf

   Once the screen launches, hit any key, then:

   Scroll down to “Configure” (enter)
   Set “Force Promiscuous mode” to ON
   (You may wish to keep “Reverse DNS Lookups” off as well)
   (Adjust “Additional ports” or any other settings if needed)
   “Exit Configuration”
   Select “IP Traffic Monitor”
   Select the interface that’s plugged into the “Monitored” port (from Step 1)
   Once the monitoring begins you can sort by bytes or packet count etc.

Find the “Hogger”.

Note: I really like the “iftop” tool as well, but it’s not in the RHEL Repos. ;0)

You can’t control the traffic from this app, but at least you can verify if the traffic is legit or not. Once you have the ip you can do the standard ip/arp/mac table lookups etc. to locate the machine.

HTH.

dbcooper
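
A scripted version of the same "find the hogger, then look up its MAC" workflow, as an added example that is not part of the original post. iptraf is interactive, so this swaps in text output from `tcpdump -nn -q` on the monitored interface and `ip neigh show` for the ARP lookup; both samples, the 10.1.1.0/24 network and the `top_talkers` helper are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of `tcpdump -nn -q` text output from the mirror port.
CAPTURE = """\
12:00:01.000101 IP 10.1.1.23.51514 > 203.0.113.9.443: tcp 1448
12:00:01.000340 IP 203.0.113.9.443 > 10.1.1.23.51514: tcp 1448
12:00:01.000512 IP 203.0.113.9.443 > 10.1.1.23.51514: tcp 1448
12:00:01.100007 IP 10.1.1.40.53211 > 198.51.100.7.53: UDP, length 44
12:00:01.120450 IP 198.51.100.7.53 > 10.1.1.40.53211: UDP, length 120
12:00:01.200000 ARP, Request who-has 10.1.1.1 tell 10.1.1.40, length 46
12:00:01.300900 IP 10.1.1.23.51514 > 203.0.113.9.443: tcp 0
"""

# Constructed sample of `ip neigh show` output from the gateway or L3 switch.
NEIGHBOURS = """\
10.1.1.23 dev eth0 lladdr 00:16:3e:aa:bb:01 REACHABLE
10.1.1.40 dev eth0 lladdr 00:16:3e:aa:bb:02 STALE
"""

V4 = r"(\d+\.\d+\.\d+\.\d+)"
PACKET = re.compile(rf"IP {V4}(?:\.\d+)? > {V4}(?:\.\d+)?: (?:tcp|UDP, length) (\d+)")
NEIGH = re.compile(rf"^{V4} .*lladdr (\S+)", re.M)

def top_talkers(capture, neighbours, local_net, limit=5):
    """Rank local hosts by payload bytes sent plus received; attach their MAC."""
    net = ipaddress.ip_network(local_net)
    totals = Counter()
    for src, dst, size in PACKET.findall(capture):
        for host in (src, dst):
            # Only charge traffic to hosts on our side of the gateway.
            if ipaddress.ip_address(host) in net:
                totals[host] += int(size)
    macs = dict(NEIGH.findall(neighbours))
    return [(ip, n, macs.get(ip, "unknown")) for ip, n in totals.most_common(limit)]

if __name__ == "__main__":
    for ip, size, mac in top_talkers(CAPTURE, NEIGHBOURS, "10.1.1.0/24"):
        print(f"{ip:15} {size:>8} bytes  {mac}")
```

The byte counts are TCP/UDP payload lengths as printed by tcpdump, so they rank hosts relative to each other rather than measuring exact wire usage.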

Practical Security: Wireless Network Security & WPA

In light of the latest wireless vulnerability found, which can break “WPA” using “TKIP” for encryption, I thought I would advise everyone to review your home wireless setup.

The subject of securing your wireless (or wired) networks at home could be talked about for hours on end, and depending on what hardware (model/brand) you have, your set-up and configurations may vary. Please see the documentation that came with your device or the company’s website for more information on the specific model you have. Also, don’t hesitate to call or email the vendor for help if needed.

Basically it comes down to these few things:

  1. Don’t broadcast your SSID if possible. (See your manual, and see this link)
  2. Use Wireless MAC filtering if possible. (See your manual, and see this link)
  3. Don’t use WEP for encryption.
  4. Don’t use WPA w/TKIP (this is now breakable).
  5. Change your WPA from TKIP to AES for encryption. (See your manual)
  6. If your hardware (computer and wireless router) supports it, move to WPA2. (See your manual)

General Home Computer Security Info:

  1. Make sure your Anti-virus application is updating/updated and enabled.
  2. At a minimum, make sure the Windows Firewall is enabled (unless you are on a Mac, in which case you should turn yours on too).
  3. Use strong passwords comprised of alpha/numeric/special characters on all your “Admin” level computer accounts.
  4. If you have any files or folders shared over your home network, make sure they are password protected.

There are a million resources for articles on computers and security online, but here are a few good ones if you are new or inexperienced with the subject (or just need a refresher).

Microsoft Security Resource for Home Users:
http://www.microsoft.com/protect/default.mspx

US-CERT.GOV – Home Users:
http://www.us-cert.gov/nav/nt01/
http://www.us-cert.gov/reading_room/home-network-security/

CERT.ORG – Home Users:
http://www.cert.org/homeusers/
http://www.cert.org/homeusers/HomeComputerSecurity/
http://www.cert.org/tech_tips/home_networks.html

With all that said, have a safe, secure, and happy computing day.

More on Putty

The other day I showed you how to configure the look and feel of Putty for improved usability and performance.  As I was doing some digging, I discovered two tools which extend the awesomeness of Putty.

First is Putty Connection Manager, which takes control and allows you to manage multiple Putty sessions from one, convenient tabbed interface.  Did I mention that I love tabbed interfaces?

Second, there is Putty Tray, which seems to be a customized version someone made that in and of itself improves the Putty interface, while enabling you to minimize it to the Windows System Tray.

HTML Form Elements for Photoshop

If you are a web designer, you have probably found yourself needing an easy way to make HTML form fields when creating mockups of your designs in Photoshop (or any image editing application).  I know I have, and I usually resort to grabbing screen shots of web pages that contain forms that look close to the design I am trying to implement.  Occasionally I have found myself actually making form fields in Photoshop, which can take a lot of time.

I found a tool today that makes all of this much simpler.  It allows you to define the look and feel of every form element, including colors, widths, and other styles, and have them appear on the page.  Once you have the form elements looking spiffy, you can take a screenshot of the page and load it into Photoshop where you then crop out the elements you want to use and slap them into your mockup.  Very handy!

HTML Form Elements for Photoshop can be used directly from the developer’s web site, or you can download a copy for yourself and run it locally.

Configure Putty Settings For Improved Performance

Not sure about you, but I use Putty perhaps more than any other application on my Windows PCs. Putty is a powerful, fast, free application which can be used to connect you quickly and securely to your Linux/Unix environment.

A person named “dag” from the Field Commander Wieers blog has provided an excellent article on configuring Putty for optimal usability and performance called “Improving Putty Settings on Windows”. After walking through the steps listed in the article, I fired up Putty and was amazed by the improved text rendering, colors, and more.

A brief summary of settings gleaned from the article:

Category: Session
Connection type: SSH

Category: Window
Lines of scrollback: 20000

Category: Window > Appearance
Font: Lucida Console, 9-point
Font quality: ClearType
Gap between text and window edge: 3

Category: Window > Translation
Character set: UTF-8
Handling of line drawing characters: Unicode

Category: Window > Selection
Action of mouse buttons: xterm (Right extends, Middle pastes)
Paste to clipboard in RTF as well as plain text: enabled

Category: Window > Colours
ANSI Blue: Red:74 Green:74 Blue:255
ANSI Blue Bold: Red:140 Green:140 Blue:255

Category: Connection
Seconds between keepalives (0 to turn off): 25

Category: Connection > SSH > X11
Enable X11 forwarding: enabled

Read the whole article here.